BENGALURU: Authorities in Karnataka say a sophisticated cyber-fraud operation masquerading as a tech support centre quietly grew into a multimillion-rupee enterprise, targeting victims in the United States with engineered panic and polished communication. A weeks-long probe by the state’s newly formed Cyber Command Unit has now exposed the contours of the scheme — and the company behind it.
A Raid That Began With a Suo Motu Case
The first major operation of the Karnataka Cyber Command Unit (CCU) unfolded with little public attention but considerable internal urgency. After receiving specific intelligence and noting unusual digital activity, the police registered a suo motu case under sections of the Information Technology Act. A team led by Savitha Srinivas, the Superintendent of Police with the Special Cyber Cell, launched a late-night raid that stretched from 9 p.m. on Friday to 11 a.m. the next day.
Officers said the workplace appeared, at first glance, to be a typical tech services office located on the sixth floor of the Delta building in Sigma Soft Tech Park. But as investigators examined devices and systems, a different picture emerged: the firm, registered as Musk Communications, was allegedly orchestrating a large-scale cyber fraud aimed at users in the United States. The company had reportedly been operational since August.
“All the employees were hired for high salaries and were trained. We are ascertaining whether they all have an engineering background,” a senior officer said.
The CCU has seized all electronic devices from the premises as part of the inquiry.
Inside a Four-Layered Fraud
The cybercrime model, police officials say, was deceptively simple at the surface and technically complex underneath. The fraudsters began with targeted Facebook advertisement campaigns aimed primarily at American users. The ads embedded malicious code within what appeared to be legitimate service links or routine security alerts.
Once clicked, the code triggered a system freeze or lock, accompanied by a full-screen pop-up claiming to be from “Microsoft Global Technical Support.” The pop-up displayed a helpline number that connected victims directly to the scam’s call centre the Bengaluru office.
What followed was a script executed with precision: impersonators posed as technical support staff, claimed that the user’s computer had been hacked, and asserted that the IP address and banking data were at immediate risk. Invoking the authority of the U.S. Federal Trade Commission (FTC), they pressured victims into paying for nonexistent compliance fixes, urgent security patches, or risk-mitigation procedures.
According to investigators, the operation relied on both convincing communication and a carefully engineered system lock, creating what one officer described as “a perfect storm of fear and urgency.”
A Company Hiding in Plain Sight
For months, the office functioned like any other mid-sized tech support unit. Employees logged regular hours, handled calls, and operated under supervision — but many now detained claim that they believed they were part of a legitimate customer-service firm.
Police are verifying each employee’s credentials, training history, and recruitment process. The owner of the company, believed to be the key architect of the fraud, is absconding. Officials said they suspect “several more individuals” may be linked to the wider network.
The CCU estimates that the company may have cheated more than 500 U.S.-based victims, with the actual number possibly surpassing 1,000. The financial footprint, officers say, “runs into crores of rupees,” though a detailed audit is underway.
Expanding the Investigation
The arrests — 21 employees in total — mark the CCU’s most extensive action since its formation. Investigators are now working to trace leadership structures, identify offshore collaborators, and map the malicious code’s development.
Pronab Mohanty, Director-General of Police and head of the CCU, said the unit is examining several core questions: Who runs the company? Who trained the employees? Who developed the malicious code? And what was the full extent of the money flow?
“We suspect more than 500, and possibly over 1,000 people, may have fallen victim,” Mr. Mohanty told. “The entire chain — from the advertisements to the code deployment to the impersonation — is being analysed.”
As the CCU continues sifting through seized devices and transaction trails, officers say the case could be a template for similar operations in other cities — a reminder of how digital fraud evolves rapidly, often behind the façade of a functioning business.
